/// <summary>
/// Creates a role assignment that binds <paramref name="role"/> to <paramref name="recipient"/>,
/// unless AD split-permission mode rules the assignment out.
/// </summary>
/// <param name="role">Role to assign; its <c>RoleType</c> is checked against the split-permission deny list.</param>
/// <param name="recipient">Assignee; supplies the id, organization id and originating server passed to the helper.</param>
/// <param name="delegationType">Delegation type of the assignment to create.</param>
private void CreateRoleAssignment(ExchangeRole role, ADRecipient recipient, RoleAssignmentDelegationType delegationType)
{
    // Only Regular assignments are filtered in AD split-permission mode; any other
    // delegation type falls through to creation even for the listed role types.
    if (this.adSplitPermissionMode && delegationType == RoleAssignmentDelegationType.Regular)
    {
        if (InstallCannedRbacRoleAssignments.invalidRoleTypesInADSplitPermissionMode.Contains(role.RoleType))
        {
            // The skip is reported on the verbose stream only, so it is invisible unless verbose output is captured.
            base.WriteVerbose(Strings.VerboseSkipCreatingRoleAssignment(recipient.Id.ToString(), role.Id.ToString(), delegationType.ToString()));
            return;
        }
    }

    // The assignee type is derived from the recipient object itself, not supplied by the caller.
    RoleAssigneeType assigneeType = ExchangeRoleAssignment.RoleAssigneeTypeFromADRecipient(recipient);

    RoleHelper.CreateRoleAssignment(
        role,
        recipient.Id,
        recipient.OrganizationId,
        assigneeType,
        recipient.OriginatingServer,
        delegationType,
        base.CurrentOrganizationId,
        base.ExecutingUserOrganizationId,
        this.configurationSession,
        new Task.TaskVerboseLoggingDelegate(base.WriteVerbose),
        new Task.TaskErrorLoggingDelegate(base.WriteError));
}
/// <summary>
/// Rebuilds the <c>roles</c> and <c>roleAssignments</c> collections when the "Roles" parameter
/// was supplied with a non-null value; otherwise leaves both fields untouched.
/// </summary>
private void PrepareRolesAndRoleAssignments()
{
    // Nothing to prepare unless the caller explicitly changed "Roles" to a non-null value.
    if (!base.Fields.IsChanged("Roles") || this.Roles == null)
    {
        return;
    }

    this.roles = new MultiValuedProperty<ExchangeRole>();
    this.roleAssignments = new List<ExchangeRoleAssignment>();

    this.PrepareRoles();

    // Every assignment prepared here is stamped with the RoleAssignmentPolicy assignee type.
    this.PrepareRoleAssignments(RoleAssigneeType.RoleAssignmentPolicy);
}
/// <summary>
/// Builds one regular <see cref="ExchangeRoleAssignment"/> per entry in <c>roles</c>, targeting the
/// current data object, and appends each to <c>roleAssignments</c>.
/// </summary>
/// <param name="assigneeType">Assignee type stamped on every assignment that is prepared.</param>
private void PrepareRoleAssignments(RoleAssigneeType assigneeType)
{
    Task.TaskVerboseLoggingDelegate logVerbose = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
    Task.TaskErrorLoggingDelegate logError = new Task.TaskErrorLoggingDelegate(base.WriteError);

    foreach (ExchangeRole currentRole in this.roles)
    {
        ExchangeRoleAssignment pendingAssignment = new ExchangeRoleAssignment();

        RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(
            null,
            pendingAssignment,
            currentRole,
            this.DataObject.Id,
            this.DataObject.OrganizationId,
            assigneeType,
            RoleAssignmentDelegationType.Regular,
            this.ConfigurationSession,
            logVerbose,
            logError);

        // Set by the scope analysis below; when true the hierarchical check is not run.
        bool skipHierarchicalCheck = false;
        RoleHelper.AnalyzeAndStampCustomizedWriteScopes(
            this,
            pendingAssignment,
            currentRole,
            this.ConfigurationSession,
            new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ExchangeOrganizationalUnit>),
            new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ManagementScope>),
            ref skipHierarchicalCheck,
            ref this.ou,
            ref this.customRecipientScope,
            ref this.customConfigScope);

        // NOTE(review): the hierarchical check is also bypassed whenever no ExchangeRunspaceConfig
        // is attached to the task. Confirm that only trusted contexts run without one, since the
        // assignment is still queued below in that case.
        bool runHierarchicalCheck = !skipHierarchicalCheck && base.ExchangeRunspaceConfig != null;
        if (runHierarchicalCheck)
        {
            RoleHelper.HierarchicalCheckForRoleAssignmentCreation(
                this,
                pendingAssignment,
                this.customRecipientScope,
                this.customConfigScope,
                logVerbose,
                logError);
        }

        this.roleAssignments.Add(pendingAssignment);
    }
}
/// <summary>
/// Prepares the <see cref="ADGroup"/> produced by the base task and, when the "Roles" parameter was
/// supplied, resolves the requested roles and queues one regular role assignment per role.
/// </summary>
/// <returns>The <see cref="ADGroup"/> returned by the base implementation.</returns>
protected override IConfigurable PrepareDataObject()
{
    TaskLogger.LogEnter();

    ADGroup preparedGroup = (ADGroup)base.PrepareDataObject();

    // The tiny-tenant verification is skipped only when the PartnerManaged switch is present.
    if (!this.PartnerManaged.IsPresent)
    {
        SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
    }

    // The "crossforest" parameter set yields a linked role group; every other set a plain role group.
    RoleAssigneeType assigneeType = (base.ParameterSetName == "crossforest")
        ? RoleAssigneeType.LinkedRoleGroup
        : RoleAssigneeType.RoleGroup;

    bool rolesSupplied = base.Fields.IsChanged("Roles") && this.Roles != null;
    if (rolesSupplied)
    {
        this.roles = new MultiValuedProperty<ExchangeRole>();
        this.roleAssignments = new List<ExchangeRoleAssignment>();

        // Resolve every requested role id first; not-found and not-unique cases carry
        // dedicated error strings into GetDataObject.
        foreach (RoleIdParameter requestedRole in this.Roles)
        {
            ExchangeRole resolvedRole = (ExchangeRole)base.GetDataObject<ExchangeRole>(
                requestedRole,
                this.ConfigurationSession,
                null,
                new LocalizedString?(Strings.ErrorRoleNotFound(requestedRole.ToString())),
                new LocalizedString?(Strings.ErrorRoleNotUnique(requestedRole.ToString())));
            this.roles.Add(resolvedRole);
        }

        // Flipped after role resolution and before the assignments are prepared.
        this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;

        Task.TaskVerboseLoggingDelegate logVerbose = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
        Task.TaskErrorLoggingDelegate logError = new Task.TaskErrorLoggingDelegate(base.WriteError);

        foreach (ExchangeRole currentRole in this.roles)
        {
            ExchangeRoleAssignment pendingAssignment = new ExchangeRoleAssignment();

            RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(
                null,
                pendingAssignment,
                currentRole,
                this.DataObject.Id,
                this.DataObject.OrganizationId,
                assigneeType,
                RoleAssignmentDelegationType.Regular,
                this.ConfigurationSession,
                logVerbose,
                logError);

            // Set by the scope analysis below; when true the hierarchical check is not run.
            bool skipHierarchicalCheck = false;
            RoleHelper.AnalyzeAndStampCustomizedWriteScopes(
                this,
                pendingAssignment,
                currentRole,
                this.ConfigurationSession,
                new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ExchangeOrganizationalUnit>),
                new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ManagementScope>),
                ref skipHierarchicalCheck,
                ref this.ou,
                ref this.customRecipientScope,
                ref this.customConfigScope);

            // NOTE(review): with no ExchangeRunspaceConfig attached, the hierarchical check is
            // bypassed and the assignment is still queued. Confirm that only trusted contexts
            // reach this path without a runspace configuration.
            if (!skipHierarchicalCheck && base.ExchangeRunspaceConfig != null)
            {
                RoleHelper.HierarchicalCheckForRoleAssignmentCreation(
                    this,
                    pendingAssignment,
                    this.customRecipientScope,
                    this.customConfigScope,
                    logVerbose,
                    logError);
            }

            this.roleAssignments.Add(pendingAssignment);
        }
    }

    TaskLogger.LogExit();
    return preparedGroup;
}
/// <summary>
/// Re-derives the assignee type and the config read/write scopes of an existing role assignment
/// from the directory, and writes them back onto <paramref name="assignment"/> when any differ.
/// </summary>
/// <param name="assignment">The assignment to inspect and, if needed, update in memory.</param>
/// <returns>
/// <c>false</c> when the assignee cannot be read from either session, or when the referenced role
/// fails validation (a warning is written in that case); otherwise <c>true</c>.
/// </returns>
private bool TryUpdateRoleAssigneeTypeAndScope(ExchangeRoleAssignment assignment)
{
    // Look the assignee up as a recipient first, then fall back to the configuration session.
    ADRawEntry principal = this.recipientSession.ReadADRawEntry(assignment.User, InstallCannedRbacRoleAssignments.principalProperties);
    if (principal == null)
    {
        principal = this.configurationSession.ReadADRawEntry(assignment.User, InstallCannedRbacRoleAssignments.principalProperties);
    }
    if (principal == null)
    {
        return false;
    }

    // Default to User; the first recognised objectClass value decides the type, so the outcome
    // depends on the order in which the directory returns the class values.
    RoleAssigneeType resolvedAssigneeType = RoleAssigneeType.User;
    MultiValuedProperty<string> objectClasses = (MultiValuedProperty<string>)principal[ADObjectSchema.ObjectClass];
    foreach (string objectClass in objectClasses)
    {
        if ("group".Equals(objectClass, StringComparison.OrdinalIgnoreCase))
        {
            resolvedAssigneeType = RoleAssigneeType.SecurityGroup;
        }
        else if ("msExchRBACPolicy".Equals(objectClass, StringComparison.OrdinalIgnoreCase))
        {
            resolvedAssigneeType = RoleAssigneeType.RoleAssignmentPolicy;
        }
        else if ("user".Equals(objectClass, StringComparison.OrdinalIgnoreCase))
        {
            // A user object whose recipient type details say MailboxPlan is treated as a mailbox plan.
            bool isMailboxPlan = RecipientTypeDetails.MailboxPlan == (RecipientTypeDetails)principal[ADRecipientSchema.RecipientTypeDetails];
            resolvedAssigneeType = isMailboxPlan ? RoleAssigneeType.MailboxPlan : RoleAssigneeType.User;
        }
        else
        {
            // Unrecognised class value: keep scanning.
            continue;
        }

        break;
    }

    ConfigWriteScopeType effectiveWriteScope = assignment.ConfigWriteScope;
    ScopeType effectiveReadScope = assignment.ConfigReadScope;

    // An assignment without a config write scope inherits both implicit config scopes from its
    // role. If the role cannot be read, the scopes are left as they were.
    if (effectiveWriteScope == ConfigWriteScopeType.None)
    {
        ExchangeRole assignedRole = this.configurationSession.Read<ExchangeRole>(assignment.Role);
        if (assignedRole != null)
        {
            base.LogReadObject(assignedRole);

            ValidationError[] validationErrors = assignedRole.Validate();
            if (validationErrors.Length > 0)
            {
                // Only the first validation error is surfaced in the warning.
                this.WriteWarning(Strings.WarningCannotUpgradeRole(assignedRole.Identity.ToString(), validationErrors[0].Description));
                return false;
            }

            effectiveReadScope = assignedRole.ImplicitConfigReadScope;
            effectiveWriteScope = (ConfigWriteScopeType)assignedRole.ImplicitConfigWriteScope;
        }
    }

    // The setters are touched only when something actually differs.
    bool needsUpdate = assignment.RoleAssigneeType != resolvedAssigneeType
        || assignment.ConfigWriteScope != effectiveWriteScope
        || assignment.ConfigReadScope != effectiveReadScope;
    if (needsUpdate)
    {
        assignment.RoleAssigneeType = resolvedAssigneeType;
        assignment.ConfigReadScope = effectiveReadScope;
        assignment.ConfigWriteScope = effectiveWriteScope;
    }

    return true;
}